ELK 6.2.3 log analysis stack: installing and cracking x-pack (Part 3)
阿新 • Published: 2018-11-08
I. Installing x-pack on elasticsearch
1. Change to the installation directory
cd /usr/local/elk/elasticsearch-6.2.3/bin
2. Run the install command
/usr/local/elk/elasticsearch-6.2.3/bin# ./elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin forks a native controller @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.
Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-security,x-pack-logstash,x-pack-core,x-pack-upgrade,x-pack-watcher,x-pack-monitoring,x-pack-ml,x-pack-deprecation,x-pack-graph
3. Set ownership
cd /usr/local/elk/elasticsearch-6.2.3
chown -R elasticsearch:elasticsearch *
4. Restart elasticsearch (kill the running process, then start it again)
su elasticsearch -l -c "/usr/local/elk/elasticsearch-6.2.3/bin/elasticsearch -d"
5. Open http://192.168.15.69:9200; an authentication prompt now appears
6. Change the passwords with setup-passwords interactive
/usr/local/elk/elasticsearch-6.2.3/bin# x-pack/setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]
# List all users
curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'
# List all roles
curl -XGET -u elastic 'localhost:9200/_xpack/security/role'
II. Installing x-pack on kibana
1. Run the installation
/usr/local/elk/kibana-6.2.3-linux-x86_64/bin# ./kibana-plugin install x-pack
2. Add the following settings to the kibana.yml configuration file
# Username and password used to log in to elasticsearch
elasticsearch.username: "elastic"
elasticsearch.password: "123abc"
# The next 2 settings address the warnings shown at startup
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
3. Restart kibana (kill the running process, then start it again)
/usr/local/elk/kibana-6.2.3-linux-x86_64/bin/kibana &
4. Open http://192.168.15.69:5601/
5. In kibana, log in with the elastic account
III. Cracking x-pack
Check the expiry date
curl -XGET -u elastic:123abc "http://192.168.15.69:9200/_license"
Overwrite the installed jar with the decompiled jar file
cp -rf x-pack-core-6.2.3.jar /usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/
Apply for a free license (https://license.elastic.co/registration). After registering you can download the license file; modify it after downloading, for example:
Main changes: set type to platinum, which means all features can be used; for expiry_date_in_millis, I changed it to 10 years here
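A check for the kibana.yml values from step 2, as an added example that is not part of the original post: it flags encryption keys left at the sample values, the elastic superuser used as Kibana's service account instead of the reserved kibana user, and a world-readable file holding the plaintext password. The function names and the 32-character minimum applied to both keys are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the kibana.yml from step 2.

# gen_key: 32 random bytes from /dev/urandom as 64 hex characters.
gen_key() { od -An -N32 -tx1 /dev/urandom | tr -d ' \n'; }

# yml_value FILE KEY: value of a top-level "KEY: value" line, quotes removed.
yml_value() {
    awk -v k="$2" 'index($0, k ":") == 1 {
        sub(/^[^:]*:[ \t]*/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# audit_kibana_yml FILE: print one line per finding; exit status 1 if any.
audit_kibana_yml() {
    rc=0
    for key in xpack.reporting.encryptionKey xpack.security.encryptionKey; do
        val=$(yml_value "$1" "$key")
        case "$val" in
            a_random_string|something_at_least_32_characters)
                echo "PLACEHOLDER $key"; rc=1 ;;
            # Assumption of this example: require 32+ characters for both keys.
            *)  [ "${#val}" -ge 32 ] || { echo "MISSING_OR_SHORT $key"; rc=1; } ;;
        esac
    done
    # The elastic superuser should not be Kibana's service account; the
    # reserved kibana user set up by setup-passwords exists for that.
    if [ "$(yml_value "$1" elasticsearch.username)" = "elastic" ]; then
        echo "SUPERUSER elasticsearch.username"; rc=1
    fi
    # The file holds a plaintext password, so it must not be world-readable.
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "WORLD_READABLE $1"; rc=1
    fi
    return "$rc"
}

# Demo on a constructed file that mirrors the values shown in step 2.
demo=$(mktemp)
cat > "$demo" <<'EOF'
elasticsearch.username: "elastic"
elasticsearch.password: "123abc"
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
EOF
chmod 644 "$demo"
audit_kibana_yml "$demo" || echo "suggested key: $(gen_key)"
rm -f "$demo"
```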
issue_date_in_millis":1490832000000
Because this is elasticsearch 6.2.3, updating the license file now requires either configuring SSL/TLS or disabling security.
Before updating, edit elasticsearch.yml and add:
xpack.security.enabled: false
Restart elasticsearch
Run the license update request
curl -XPUT -u elastic:123abc 'http://192.168.15.69:9200/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json
Once it has taken effect, edit elasticsearch.yml to turn security back on and enable SSL/TLS:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
Finally, restart elasticsearch.
Check the license status:
curl -XGET -u elastic:123abc "http://192.168.15.69:9200/_license"
Or log in to kibana to check